Well the SHA-2 digest returned by this function IS different from what you get when you hash the file, because this funtions hashesh the pixels themselves.

This is very useful when you need to identify identical images, because if you just hash the files, you may get different hashes even if the image is the same pixel by pixel because of differences in metadata or different format (ie PNG vs BMP) or perhaps stray bytes at the end of file etc...

There is no point in posting code that hashes files, that is completely irrelevant here.

Also, I doubt you really need to pick a different hashing algo, SHA-2 should be perfectly fine for this job.

The getImageSignature function for the ImageMagick package in PHP returns only the SHA-1 hash value for an image. There are not any other algorithms available for it within the ImageMagick package, but fortunately, this is PHP and you have a wide array of hashing algorithms to use on any image file. The function hash_algos() will return an array of hashing algorithms available in PHP and the function hash_file() will take three parameters (one for the algorithm to use, one for the filename, and an optional variable for binary output). Instead of being limited to the SHA-1 algorithm of the getImageSignature function, you could use SHA-256, SHA-384, SHA-512, Whirlpool, HAVAL, Salsa, Gost, Adler32, CRC32, or MD5, among others and variations of these.

However, the SHA-1 result of the hash_file() function performed on a file does not return the same result as the SHA-1 of the getImageSignature() function. This leads me to believe that the SHA-1 of the getImageSignature() might be performed on the Imagick object itself, instead of the file, whereas the hash_file() function is clearly performed on the file itself. That's just a guess, though.

Some sample code for the alternate hashing algorithm, with every algorithm performed on the image file :

The getImageSignature function returns the SHA-256 hash value, which is 256 bits (or 32 bytes) in length. SHA-256 is part of the SHA-2 set of cryptographic hash functions designed by the NSA, which also includes SHA-224, SHA-384, and SHA-512. According to Wikipedia, there are some security flaws in it similar to the set of SHA-1 hash functions, which should be fixed with SHA-3, eventually. Unlike MD5 or the SHA-1 set of cryptographic functions, SHA-2 has had no collisions discovered yet (a collision is an incident where two different pieces of data result in the same hash value from the hashing function). For the time being, it seems to be the most efficient method for creating a small (32-byte), uniquely-identifiable, generally-secure value for either a file or a piece of data.